VDB
CVE-2017-1000376
CVE-2017-1000376
PUBLISHED
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
EPSS 2.43% · 85.4th percentile
Risk Scores
EPSS Score
2.43%
85.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | libffi | 3.0.13-4, 3.0.13-5, 3.0.13-6 |
Exploit Intelligence
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt (circl)
- https://access.redhat.com/security/cve/CVE-2017-1000376 (circl)
- DSA-3889 (circl)
- https://www.oracle.com/security-alerts/cpujan2020.html (circl)
- unix-ci.py (github-poc)
- unix-ci.py (github-poc)
- unix-ci.py (github-poc)
- unix-ci.py (github-poc)
- unix-ci.py (github-poc)
Timeline
- Jun 19, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-1000376 third-party-advisory
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt third-party-advisory
- https://access.redhat.com/security/cve/CVE-2017-1000376 third-party-advisory
- https://ubuntu.com/security/notices/USN-3454-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3454-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-1000376 third-party-advisory